CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS
Percentile
73.7%
A vulnerability in the play/modules of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to be granted authenticated administrator access.
The vulnerability is due to an exposed application programming interface (API). An attacker could exploit this vulnerability by sending crafted URL requests to a vulnerable device.
Cisco has confirmed the vulnerability in a security notice and released software updates.
To exploit the vulnerability, the attacker may need access to trusted or internal networks to transmit crafted data to the targeted system. This access requirement could limit the likelihood of a successful exploit.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | webex_meetings_server | any | cpe:2.3:a:cisco:webex_meetings_server:any:*:*:*:*:*:*:* |